OpenWRT
This OS runs on routers, switches and access points (APs).
Resources
- configuration
- supported devices
- configuration syntax update from 19 to 21
- Tri-band supported devices
- Tutorials: IPv6 from scratch, Proxmox sandbox network, Mesh, VLAN
- DSA
Web GUI (Luci)
opkg update
opkg install luci-ssl
Note: it is also possible to install the ''luci'' package without SSL; the web interface is then served over plain HTTP.
To start LuCI automatically at boot:
/etc/init.d/uhttpd enable
First start:
/etc/init.d/uhttpd start
Change the web UI theme:
opkg install luci-theme-bootstrap
Then go to ''System > System > Language and Style > Design > Bootstrap''.
Upgrade an image
sysupgrade -v /tmp/openwrt...bin
Auto upgrade
ASU: AttendedSysUpgrade (project)
AUC: AttendedSysUpgrade CLI (package)
Use with care:
- (-) no signature control
- (-) the image is built by an external worker; however, it is possible to self-host in order to build locally. You can specify the URL in /etc/config/attendedsysupgrade on the device. (no ARM support yet)
- (+) practical for building an image that contains the packages of the current installation.
opkg install auc
Example for a specific version:
auc -b 22.03
Note: if you get the error Bad message (74), just run /etc/init.d/rpcd restart
source
Nodes management
See also discussion
Commands
Always run this command first when you connect to install a new package.
opkg update
Failsafe
If the router has a problem and remains inaccessible, you will need to enter this mode. If failsafe doesn't work, I'm sorry to say you will need to reinstall the OS; see hard flash failsafe.
- Shut down the device
- Set up your computer with the static IP 192.168.1.2 and subnet mask 255.255.255.0
- Turn on the device and press the "reset" button. From experience, it varies: sometimes I keep it pressed for 10 seconds, sometimes I press and release it for 10 seconds
- Then you can ssh root@192.168.1.1 and run different commands:
  - mount_root, then try to debug and change /etc/config/* before rebooting
  - reset everything: firstboot
Note: Don't forget to change the root password!
Issues
WNDR 3700 wifi button
opkg update
opkg install wifitoggle
uci set wifitoggle.@wifitoggle[0].button=BTN_2
uci set wifitoggle.@wifitoggle[0].timer=0
uci commit wifitoggle
Configure ssh (dropbear)
Go to LuCI or edit /etc/config/dropbear.
Note: if you change the port in the config file, ensure that it is also open on the firewall.
Generate host key
dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
Verify the key
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep "^ssh-rsa "
Note: ssh-keygen is not available on OpenWRT. Extract the public key (see above), save it on a computer and check it with ssh-keygen -lf
Add the public key in /etc/dropbear/authorized_keys
Tips
Access between vlans
Configurations:
- vlan 1 (home) : 192.168.2.1/24
- vlan 2 (services) : 192.168.4.1/24 (http service on port 8081 at 192.168.4.2)
Two equivalent accesses:
- one direct access
- one through dnat
# access with curl http://192.168.4.2:8081 (from home network)
config rule
	option src 'home'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option proto 'tcp'
	option target 'ACCEPT'

# dnat access with curl http://192.168.2.1:8081 (from home network)
config redirect
	option target 'DNAT'
	option src 'home'
	option src_dport '8081'
	option proto 'tcp'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option family 'ipv4'
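
An added example (not part of the original page): this Python script parses the two firewall sections above and lists which backend each one opens from the home zone, so you can confirm that both expose only 192.168.4.2:8081. The third section and the function names parse_uci and audit are constructed for illustration; that section omits dest_ip and dest_port and is flagged because it opens the whole services zone.

```python
import shlex
# The two sections from the page, then one constructed over-broad rule.
SAMPLE = """
config rule
	option src 'home'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option proto 'tcp'
	option target 'ACCEPT'
config redirect
	option target 'DNAT'
	option src 'home'
	option src_dport '8081'
	option proto 'tcp'
	option dest 'services'
	option dest_ip '192.168.4.2'
	option dest_port '8081'
	option family 'ipv4'
# constructed rule (not from the page): no dest_ip/dest_port
config rule
	option src 'home'
	option dest 'services'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if words[:1] == ["config"] and len(words) >= 2:
            sections.append((words[1], {}))
        elif words[:1] == ["option"] and len(words) >= 3 and sections:
            sections[-1][1][words[1]] = words[2]
    return sections

def audit(text):
    """Return (type, src_zone, (dest_zone, ip, port), too_broad) per opening."""
    findings = []
    for kind, opt in parse_uci(text):
        allows = kind == "redirect" or (kind == "rule" and opt.get("target") == "ACCEPT")
        if not allows or opt.get("dest") in (None, opt.get("src")):
            continue  # not a forward opening between two zones
        backend = (opt["dest"], opt.get("dest_ip", "any"), opt.get("dest_port", "any"))
        findings.append((kind, opt.get("src"), backend, "any" in backend))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a real device, pass the contents of /etc/config/firewall to audit() instead of SAMPLE.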
Debugging
Use logread